Invicti vs Seeker comparison

Invicti and Black Duck are both solutions in the API Security category. Invicti is ranked #5 with an average rating of 8.9, while Black Duck is ranked #15. Additionally, 96% of Invicti users are willing to recommend the solution, compared to 100% of Black Duck users who would recommend it.

Invicti

Read 28 Invicti reviews

203 Views
111 Comparison Views

96% willing to recommend

Seeker

Read 1 Seeker review

84 Views
57 Comparison Views

100% willing to recommend

Invicti

Seeker

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Invicti and Seeker based on real PeerSpot user reviews.

Find out what your peers are saying about Akamai, Checkmarx, Salt Security and others in API Security.

To learn more, read our detailed API Security Report (Updated: December 2024).

Buyer's Guide

API Security

December 2024

Download the complete report

Helped 823,875 peers since 2012

Categories and Ranking

Invicti

Ranking in API Security

5th

Average Rating

8.2

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Static Application Security Testing (SAST) (14th), Dynamic Application Security Testing (DAST) (3rd)

Seeker

Ranking in API Security

15th

Average Rating

7.0

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Internet Security (19th), Mobile Threat Defense (14th)

Featured Reviews

Amr Abdelnaser

Senior Information Security Analyst at EastNets Holding Ltd.

A safe solution used to detective vulnerabilities for dynamic and complex testing

The Invicti is the scope application tool. The solution is installed on-premise but could be installed as a web version. Starting from the latest version, the web version could be used. They have a web application server. The deployment of the solution involves installing the EXE and configuring your machine.

Read full review

San K

Senior Group Leader at Infosys

More effective than dynamic scanners, but is missing useful learning capabilities

One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need. The purposes for which applications are designed may differ in practice in the industry, and because of this, there will always be tools that sometimes report false positives. Thus, there should be some means with which I can customize the way that Seeker learns about our applications, possibly by using some kind of AI / ML capability within the tool that will automatically reduce the number of false positives that we get as we use the tool over time. Obviously, when we first start using the scanning tool there will be false positives, but as it keeps going and as I keep using the tool, there should be a period of time where either the application can learn how to ignore false positives, or I can customize it do so. Adding this type of functionality would definitely prevent future issues when it comes to reporting false positives, and this is a key area that we have already asked the vendor to improve on, in general. On a different note, there is one feature that isn't completely available right now where you can integrate Seeker with an open-source vulnerability scanner or composition analysis tool such as Black Duck. I would very much like this capability to be available to us out-of-the-box, so that we can easily integrate with tools like Black Duck in such a way that any open source components that are used in the front-end are easily identified. I think this would be a huge plus for Seeker. Another feature within Seeker which could benefit from improvement is active verification, which lets you actively verify a vulnerability. This feature currently doesn't work in certain applications, particularly in scenarios where you have requested tokens. When we bought the tool, we didn't realize this and we were not told about it by the vendor, so initially it was a big challenge for us to overcome it and properly begin our deployment.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The platform is stable."

"This tool is really fast and the information that they provide on vulnerabilities is pretty good."

"Scan, proxify the application, and then detailed report along with evidence and remediations to problems."

"One of the features I like about this program is the low number of false positives and the support it offers."

"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."

"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."

"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."

"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."

More Invicti pros

"A significant advantage of Seeker is that it is an interactive scanner, and we have found it to be much more effective in reducing the amount of false positives than dynamic scanners such as AppScan, Micro Focus Fortify, etc. Furthermore, with Seeker, we are finding more and more valid (i.e. "true") positives over time compared with the dynamic scanners."

Cons

"The support's response time could be faster since we are in different time zones."

"The scannings are not sufficiently updated."

"Currently, there is nothing I would like to improve."

"They could enhance the support for data swap testing for the platform."

"Invicti takes too long with big applications, and there are issues with the login portal."

"Netsparker doesn't provide the source code of the static application security testing."

"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."

"The custom attack preparation screen might be improved."

More Invicti cons

"One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need."

Pricing and Cost Advice

"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."

"We never had any issues with the licensing; the price was within our assigned limits."

"It is competitive in the security market."

"OWASP Zap is free and it has live updates, so that's a big plus."

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."

"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."

"The price should be 20% lower"

More Invicti pricing and cost advice

"The licensing for Seeker is user-based and for 50 users I believe it costs about $70,000 per year."

See which vendors are best for you

Use our free recommendation engine to learn which API Security solutions are best for your needs.

See recommendations

823,875 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

55%

Financial Services Firm

Computer Software Company

Manufacturing Company

Financial Services Firm

23%

Computer Software Company

16%

Manufacturing Company

11%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?

As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.

See all answers

What do you like most about Invicti?

The most valuable feature of Invicti is getting baseline scanning and incremental scan.

See all answers

What needs improvement with Invicti?

Currently, there is nothing I would like to improve.

See all answers

Ask a question

Earn 20 points

Comparisons

Acunetix vs Invicti

Compared 17% of the time

OWASP Zap vs Invicti

Compared 16% of the time

Qualys Web Application Scanning vs Invicti

Compared 7% of the time

PortSwigger Burp Suite Professional vs Invicti

Compared 7% of the time

HCL AppScan vs Invicti

Compared 6% of the time

More Invicti Competitors

Contrast Security Assess vs Seeker

Compared 26% of the time

Coverity vs Seeker

Compared 24% of the time

Synopsys API Security Testing vs Seeker

Compared 15% of the time

SonarQube Server (formerly SonarQube) vs Seeker

Compared 11% of the time

Polaris Software Integrity Platform vs Seeker

Compared 9% of the time

More Seeker Competitors

Product Reports

Buyer's Guide

Invicti

December 2024

Download Invicti product report

Buyer's Guide

Internet Security

November 2024

Download Seeker product report

Also Known As

Netsparker

No data available

Learn More

Invicti

Black Duck

Overview

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Seeker®, interactive application security testing (IAST) solution, gives you unparalleled visibility into your modern web, cloud based and microservices based app security posture. It automatically verifies, prioritizes and reports on critical vulnerabilities in real time. It identifies vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, GDPR, CAPEC, and CWE/SANS Top 25). Seeker enables security teams to identify and track sensitive data to ensure that it is handled securely and not stored in log files or databases with weak or no encryption. Seeker’s seamless integration into CI/CD workflows enables fast interactive application security testing at DevOps speed.

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

El Al Airlines and Société Française du Radiotelephone

Find out what your peers are saying about Akamai, Checkmarx, Salt Security and others in API Security. Updated: December 2024.

DOWNLOAD NOW

823,875 professionals have used our research since 2012.

See our list of best API Security vendors.

We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.